The Redmond, Washington-based software giant released patches for at least 80 Windows vulnerabilities and specifically called out CVE-2023-23397, a serious Outlook flaw that has been exploited in zero-day attacks.
Microsoft’s security response centre, as has become routine, did not offer any information or indicators of compromise (IOCs) to aid defenders in their search for evidence of compromise.
The company shared credit for the discovery with the Ukrainian CERT organisation and its own MSTI threat intelligence unit, indicating the flaw was being used in sophisticated APT attacks across Europe.
“An attacker who successfully exploited this vulnerability may access a user’s Net-NTLMv2 hash which could be used as a base of an NTLM Relay attack against another service to authenticate as the user,” Microsoft warned in a barebones notice outlining the flaw.
According to the company, an attacker could exploit this weakness by sending a specially crafted email that triggers automatically when it is retrieved and processed by the email server.
Redmond continued, “This could result in exploitation BEFORE the email is viewed in the Preview Pane,” noting that outside attackers could send specially crafted emails that would make the victim connect to an outside UNC location under attackers’ control.
“This will disclose the Net-NTLMv2 hash of the victim to the attacker who can then relay this to another service and authenticate as the victim,” the company cautioned.
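The observable side effect described above is a workstation reaching out over SMB to a host outside the organisation. The following detection script is an added example, not from the article or from Microsoft: it scans outbound-connection log lines (a constructed, hypothetical format) and flags sources that connected, or tried to connect, to SMB ports on addresses outside an assumed set of internal ranges.

```python
import ipaddress
from collections import defaultdict

# Constructed sample log lines (hypothetical format:
# timestamp src_ip dst_ip dst_port action). Not real traffic.
SAMPLE_LOG = """\
2023-03-14T09:12:01Z 10.20.1.15 203.0.113.77 445 ALLOW
2023-03-14T09:12:03Z 10.20.1.15 203.0.113.77 139 ALLOW
2023-03-14T09:13:40Z 10.20.1.22 10.20.5.10 445 ALLOW
2023-03-14T09:14:02Z 10.20.1.31 198.51.100.9 443 ALLOW
2023-03-14T09:15:17Z 10.20.1.15 203.0.113.77 445 ALLOW
2023-03-14T09:16:00Z 10.20.2.8 192.0.2.25 445 BLOCK
"""

# Ports a UNC path (\\host\share) connection uses; the client sends its
# NTLM response to whatever server answers here.
SMB_PORTS = {445, 139}

# Assumed internal address space (RFC 1918 plus loopback and link-local).
# Listed explicitly rather than via ip_address().is_private so that the
# organisation's own view of "internal" is what decides.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]


def is_external(ip: str) -> bool:
    """True when the address lies outside every internal range."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def parse_line(line: str):
    ts, src, dst, port, action = line.split()
    return ts, src, dst, int(port), action


def find_external_smb(log_text: str) -> dict:
    """Map (src, dst) -> [(timestamp, port, action)] for SMB traffic to
    external hosts. BLOCKed attempts are kept: a blocked connection still
    means a client was induced to reach an outside share, which is the
    trigger worth investigating even though no hash left the network."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, action = parse_line(line)
        if port in SMB_PORTS and is_external(dst):
            hits[(src, dst)].append((ts, port, action))
    return dict(hits)
```

Internal-to-internal SMB (10.20.1.22 to 10.20.5.10) and external HTTPS traffic are ignored; only the two hosts talking SMB to outside addresses are reported.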
Microsoft also cautioned that attackers are actively bypassing its SmartScreen security feature and reported a second vulnerability, CVE-2023-24880, for urgent attention.
Microsoft Edge and the Windows operating system both include SmartScreen technology to help protect users from phishing and social-engineering malware downloads. The company has struggled to stop attackers from getting around these protections.
The notorious Magniber ransomware operation has been spotted exploiting the SmartScreen bypass, prompting several attempts by Microsoft to address the issue.
Separately, software developer Adobe issued a dire alert regarding “extremely limited assaults” that took advantage of a zero-day flaw in its Adobe ColdFusion web app development framework.
Adobe’s warning came in a critical-severity advisory containing patches for ColdFusion versions 2021 and 2018. Adobe stated that it is aware that CVE-2023-26360 has been exploited in the wild in a very small number of attacks targeting Adobe ColdFusion. No additional information was given about the in-the-wild compromises.